Question $11$

A cybersecurity analyst is reviewing the website of a major financial institution. The analyst

suspects that vulnerabilities might allow an attacker to exploit Cross$-$site Scripting $($XSS$)$ and

SQL Injection $($SQLi$)$ vulnerabilities. When examining the website for potential XSS and SQLi

vulnerabilities, what are common indicators a cybersecurity analyst should look for? $($Select

the two best options.$)$

Web pages that allow file uploads without validation

Error messages that disclose database information

The presence of HTTPS in the URL

Input fields that do not sanitize user input